Occasionally my customers get an incomplete or corrupt download and on
install they get the message 'Insert Disk One'. Is there any way to catch
the incomplete/corrupt download and throw up a message or change the 'Insert
Disk One' message to alert that the download was bad and to retry.

Don Harvey

Don,

> Occasionally my customers get an incomplete or corrupt download and on
> install they get the message 'Insert Disk One'. Is there any way to catch
> the incomplete/corrupt download and throw up a message or change the
> 'Insert Disk One' message to alert that the download was bad and to retry.

Yes :)

1. General Information -> Advanced Settings -> Enable Installer Integrity
Check

and/or

2. For super duper high-security systems:

a.) Get File Info -> Verify Trust [Code-signature] -- This option lets you
retrieve the code-sign status of your own (setup) file.

b.) Get File Info -> Get Trust [Code-signature] -- For example, for updates
to make sure that only YOUR updates are applied. This option lets you
retrieve certificate specific information from a code-signed (setup) file.

Friedrich

That I did not know about. Going to play with that! :-)

--

Russ Eggen
RADFusion International, LLC

Thanks Friedrich,

This should solve the problem.

Going to try #2 also.

Don Harvey

Do have some examples of this usage? Where in the script should this
occur? The closest I've got it this:

Set Variable %VERIFIED% to FUNCTION:Get File Info(Verify Trust
[Code-Signature]) of file "ThisInstaller.exe"

I'd assume I want to check %VERIFIED% in an IF condition afterwards.
I'd also assume this happens when you start the installer program. Can
you display the results on the opening dialog if successful (%VERIFIED%
= 1 if I'm reading the docs right). Something like "installer code
signature valid" and if not, then display one of the 8 reasons for failure?

Or am I making this too complex? :-)

--

Russ Eggen
RADFusion International, LLC

Russ,

> Do have some examples of this usage? Where in the script should this
> occur?

Good question :)

The "Verify Trust [Code-signature]" script function lets you retrieve the
code-sign status of a file. The function can ensure that a binary is signed
by some key that is part of Microsoft's chain of trust. I would suggest to
add the "Verify Trust [Code-Signature]" check at the beginning of the setup
script. See attached signature1.png and signature2.png. If the signature
is invalid, the installer will terminate.

The powerful "Get Trust [Code-signature]" function lets you perform the
Authenticode verification AND retrieve code-signing certificate specific
information. This function can ensure that an (update) install image was
signed by your private key (e.g. based on the serial number or the
code-signing certificate issuer name). This function allows you build a
customized wupdate.exe (or wucheck.exe) and check whether a downloaded web
update installer package is code-signed with a specific code-signing
certificate before the update process begins. Or you can display the issuer
name and let the user decide what to do, etc. See signature3.png. BTW, we
have developed this function for the U.S. Government (to handle ultra secure
updates) -- that's why it is a bit undocumented, but fully functional <g>.
Yes, I can tell you for which U.S. Government Departments and Agencies, but
then I'd have to kill you <g>

Friedrich

Thanks!

Which US governments? I reckon that is why the 3rd image is missing <g>

--

Russ Eggen
RADFusion International, LLC

If I open it, I can see it. Thanks for the hints.

--

Russ Eggen
RADFusion International, LLC

Russ Eggen,

> Which US governments?

NSA - Never Should Ask!

Lee White

I thought it was the DEA - Don't Ever Ask!

--

Russ Eggen
RADFusion International, LLC

Russ,

> I thought it was the DEA - Don't Ever Ask!

You always want to ask them, they have all the GOOD stuff!<g>

Lee White

When you see the black helicopter....run my friend ;)

Friedrich